{“lastseen”:”2026-05-04T16:44:31″,”description”:”\\n\\nProgress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.\\n\\nMOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule and automate file movement workflows in enterprise environments without requiring any custom scripts. \\n\\nThe vulnerabilities in question are CVE-2026-4670 (CVSS score: 9.8), an authentication bypass vulnerability, and CVE-2026-5174 (CVSS score: 7.7), an improper input validation vulnerability that could allow privilege escalation.\\n\\n\\”Critical and high vulnerabilities in MOVEit Automation may allow authentication bypass and privilege escalation through the service backend command port interfaces,\\” Progress Software said in an advisory. \\”Exploitation may lead to unauthorized access, administrative control, and data exposure.\\”\\n\\nThe shortcomings affect the following versions -\\n\\n * MOVEit Automation \\u003c= 2025.1.4 (Fixed in MOVEit Automation 2025.1.5)\\n * MOVEit Automation \\u003c= 2025.0.8 (Fixed in MOVEit Automation 2025.0.9)\\n * MOVEit Automation \\u003c= 2024.1.7 (Fixed in MOVEit Automation 2024.1.8)\\n\\n\\n\\nAirbus SecLab researchers Ana\u00efs Gantet, Delphine Gourdou, Quentin Liddell, and Matteo Ricordeau have been credited with discovering and reporting the two vulnerabilities. There are no workarounds that resolve the issues.\\n\\nWhile Progress makes no mention of the flaws being exploited in the wild, it’s essential that users apply the fixes as soon as possible for optimal protection, particularly given that prior flaws in MOVEit Transfer have been exploited by ransomware gangs like Cl0p.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-05-04T16:34:00″,”modified”:”2026-05-04T16:34:48″,”type”:”thn”,”title”:”Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass”,”source”:””,”references”:””,”id”:”THN:F622C9663C5EE86353F6AADB44927261″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2026-4670″,”CVE-2026-5174″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/05\/progress-patches-critical-moveit.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-04T16:44:31″,”description”:”\\n\\nProgress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass.\\n\\nMOVEit Automation…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,13,7,11,43,5],"class_list":["post-51279","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n